diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2014-08-05 09:06:39 +0200 |
|---|---|---|
| committer | Petr Viktorin <pviktori@dhcp-31-13.brq.redhat.com> | 2014-09-05 13:59:04 +0200 |
| commit | 6ad8c464a43260f8f58dc262f841c35be35b57b5 (patch) | |
| tree | d596fb119f94b21a2c01c839a0659b74a4aacf6f /install/tools/man | |
| parent | 418ce870bfbe13cea694a7b862cafe35c703f660 (diff) | |
| download | freeipa-6ad8c464a43260f8f58dc262f841c35be35b57b5.tar.gz freeipa-6ad8c464a43260f8f58dc262f841c35be35b57b5.tar.xz freeipa-6ad8c464a43260f8f58dc262f841c35be35b57b5.zip | |
Make CA-less ipa-server-install option --root-ca-file optional.
The CA cert specified by --root-ca-file option must always be the CA cert of
the CA which issued the server certificates in the PKCS#12 files. As the cert
is not actually user selectable, use CA cert from the PKCS#12 files by default
if it is present.
Document --root-ca-file in ipa-server-install man page.
https://fedorahosted.org/freeipa/ticket/4457
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'install/tools/man')
| -rw-r--r-- | install/tools/man/ipa-server-install.1 | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1 index d713d2db4..8cc2ffa45 100644 --- a/install/tools/man/ipa-server-install.1 +++ b/install/tools/man/ipa-server-install.1 @@ -118,6 +118,9 @@ The password of the Apache Server PKCS#12 file \fB\-\-pkinit_pin\fR=\fIPKINIT_PIN\fR The password of the Kerberos KDC PKCS#12 file .TP +\fB\-\-root\-ca\-file\fR=\fIFILE\fR +PEM file containing the CA certificate of the CA which issued the Directory Server, Apache Server and Kerberos KDC SSL certificates. Use this option if the CA certificate is not present in the PKCS#12 files. +.TP \fB\-\-subject\fR=\fISUBJECT\fR The certificate subject base (default O=REALM.NAME) |